WALLOPS ISLAND, Virginia—Just 10 months ago, NASA asked three companies if they could do something nobody had done before. Could they build and launch a satellite to save a $500 million astronomy mission at risk of crashing back to Earth? What’s more, could they do it in less than a year on a tight budget?
Katalyst Space Technologies, a startup founded in 2020, presented the most compelling solution. “They came back with a response that was technically and programmatically plausible, and then we were like, ‘Yeah, let’s do it,’” said Shawn Domagal-Goldman, director of NASA’s astrophysics division.
That was in August of last year. In September, NASA awarded Katalyst a $30 million contract to build, test, and launch a small satellite to chase down Swift and latch onto it with three robotic arms. Then, Katalyst’s Link servicing spacecraft will boost Swift’s orbit back to a safe operating altitude, allowing it to resume scientific observations. Easier said than done. //
“From a programmatics standpoint, I consider this a success already, just from the fact that we’re even going to try this,” Domagal-Goldman said.
atop - AT Computing's System & Process Monitor
The server receives a large number of requests, which causes the website(s) to reach the PHP-FPM pm.max_children limit. This usually indicates that the server is under attack or that the number of website visitors has increased sharply. Attacks or increased visitor traffic put a strain on the server's CPU, as PHP handlers that execute code begin to use the CPU more actively to process incoming requests.
Resolution
Atop is an ASCII full-screen performance monitor for Linux that is capable of reporting the activity of all processes (even if processes have finished during the interval), daily logging of system and process activity for long-term analysis, highlighting overloaded system resources by using colors, etc. At regular intervals, it shows system-level activity related to the CPU, memory, swap, disks (including LVM) and network layers, and for every process (and thread) it shows e.g. the CPU utilization, memory growth, disk utilization, priority, username, state, and exit code.
In combination with the optional kernel module netatop, it even shows network activity per process/thread.
How to monitor and analyze the usage of system resources (CPU, Memory, Disk) in a period of time using atop?
How to calculate pm.max_children value on a Plesk server?
The following Plesk Obsidian solutions and 3rd-party extensions help to mitigate DDoS attacks:
How to diagnose a DoS/DDoS attack and find websites under attack on a Plesk server?
A website on a shared hosting can consume all system resources and disrupt the performance of other websites. This issue is known as the “noisy neighbor problem”. Plesk Cgroups Manager is an extension that helps you address this issue by managing the consumption of the CPU, RAM, and disk read and write bandwidth by customers.
In this topic, you will learn how to install and configure the Plesk Cgroups Manager extension, and also how to use it to monitor and control resource consumption by customers.
Some server operators find themselves battling with a high CPU load on their systems, which inevitably slows down website responses.
The main cause of high CPU load is often search engine crawlers and “bad bots”, which are essentially crawlers similar to search engines but do not serve any purpose for you. What bad bots do with the crawled data remains a mystery. //
If you want to observe live the 20 processes that continuously place the highest load on a server, you can do this with the watch command:
watch "ps aux | sort -nrk 3,3 | head -n 20"
Sometimes slow database processes or a high number of them can slow down database transactions. Let’s extend the watch with an extra section that displays the current database processes, too:
MYSQL_PWD=`cat /etc/psa/.psa.shadow` watch "ps aux | sort -nrk 3,3 | head -n 20 && echo "\ " && mysqladmin proc status -u admin"
Fail2ban has a built-in tool for testing the fail2ban filters, called fail2ban-regex, which you can use via command line. Like:
fail2ban-regex /var/www/vhosts/<your domain>/logs/access_ssl_log /etc/fail2ban/filter.d/apache-badbots.conf
Which uses the /var/www/vhosts/<your domain>/logs/access_ssl_log log as a source to test the Apache Bad bots filter located at /etc/fail2ban/filter.d/apache-badbots.conf. (Replace <your domain> with a domain on the server).
If you want to change/improve your fail2ban filters, I highly recommend this blog post by @Peter Debik.
How to Avoid High CPU Load & Block Bad Bots with Plesk - Plesk
When fluid flows through a pipe it loses energy because of friction against the walls and extra turbulence in fittings and valves. That lost energy appears as a pressure drop the pump has to overcome. This calculator does the Darcy–Weisbach maths for you—factoring in pipe roughness, length, fittings, fluid density & viscosity—and outputs:
- Velocity and Reynolds number – confirms laminar or turbulent flow.
- Friction factor f via the Colebrook‑White equation.
- ΣK minor‑loss coefficient for your elbows, tees, valves, etc.
- Total pressure drop in kPa | bar | psi and equivalent head loss in metres.
Use this form to estimate the brake horsepower required. Brake horsepower is the power out of the drive motor and the power into the water pump, and is how most pumps and drive motors are specified.
UV treatments allow the quality of stored water to be maintained. So the water doesn’t turn green.
To achieve this, the UV reactor must be correctly sized. The most important criterion for algae treatment is the dose applied:
- 30 mJ/cm²
The next step is to circulate the water through the UV reactor.
In this configuration, good recirculation is essential. Size your pumping system according to the temperature of your water:
- Temperature / 2 = pumping time.
- Temperature > 28° = continuous operation
Example for a 100 m³ basin: for water at 22 degrees, the recommended recirculation time is 11 hours. The pumping rate is 100 / 11 = 9.1 m³/h.
Now you know the flow rate and dose to choose, all you have to do is fill in the form.
Moleaer nanobubble technology delivers oxygen throughout the water column, including at the sediment-water interface (bottom of the water column), with one of the highest transfer efficiencies validated by third-party testing. Unlike larger bubbles from conventional aeration that rise to the surface and burst, neutrally buoyant nanobubbles stay suspended in the water. This offers prolonged benefits, including sustained oxygen levels at the sediment-water interface, supporting overall lake health.
If you're a lake or pond manager or owner, you're probably all too familiar with the frustrating problems that can plague your water body. Nanobubble technology is an independently validated and proven tool that can help keep your water clear, healthy and more resilient to these problems.
The Minimal Secure Transport Protocol
By Dipl. Ing.(BA) Frank Gerlach (frankgerlach.tai@gmx.de)
The MST protocol has been designed in order to create a building block for a more secure computing landscape. The main design objective has been simplicity, which directly translates into high security, because simple programs are also easy to review and even prove correct in a mathematical sense. //
SplatMan_DK Ars Tribunus Angusticlavius
Confy said:
Nutanix has Veeam support and HPE has Zerto support. I wonder what hypervisor Tesco chose.
Lots of talk about this in the MSP chats around Europe (and I am a small MSP).
A very good bet is KVM underneath a private-cloud stack that can handle 40K+ instances in 100+ locations in a fully automated fashion, using Infrastructure-as-code, and which includes baked-in options to run Kubernetes (the Tanzu subscription says so).
Who fits the bill:
Virtuozzo (very good VMware replacement with K8S but too much proprietary stuff mixed in)
OCI (Oracle are also douchebags so unlikely)
Openstack vanilla (possible but unlikely given the focus on risk - managers want paid support)
RHSOSP (Red Hat OpenStack Platform - expensive but less than half the price of VMware)
Canonical Charmed OpenStack (cheap and solid option - decent bet especially with Sunbeam for small local sites)
Apache Cloudstack (unlikely as few commercial options would provide support for "at a sprint" migration)
FishOS by Sardina (nice vanilla OpenStack with migration tool, support contract and remote ops but unlikely candidate due to small organizational size for Tesco's taste)
Platform9 (cloud-based control plane for on-prem OpenStack and optimized for retail)
Theoretically fits the bill but with lots of re-work:
Rancher (K8S only - unlikely)
SUSE Harvester (Rancher but with KubeVirt VM capability - still unlikely but pretty cool and solid for a long term strategy)
Doesn't fit the bill:
Nutanix (supported by govtools; Veeam - but has good K8S)
HyperV (supported by govtools; Veeam - has no K8S)
Hyperscalers with cloud-only strategy; like Azure, AWS, GCP, Oracle Cloud (too expensive)
Proxmox (great for small shops - but finicky and absolutely nowhere near Enterprise grade)
Other likely options (the MBA/C-suite approach):
Azure Hybrid environment with Azure Local for most workloads (on-prem) but some Hyperscaler mixed in; for example Azure. Migrating VMware workloads is easy; doesn't save cost but keeps the few percentages of un-migratable legacy workloads spinning. Not everything in a hybrid environment is easily handled by Veeam and Zerto. But the bulk of VM instances would be covered. AKS on Azure Local for the K8S workloads for example; as well as various PaaS services.
The last option would often be the most appealing for the CIO, the CISO and the risk manager. It offers the easiest migration path - at least on paper. Price would be high but still significantly lower than inflated Broadcom prices; though the first few years of savings would be eaten by the accelerated transition costs.
Me, I'd go for Vanilla OpenStack and hire enough people to keep it running. The offering from Sardina is nice. It supports the accelerated transition requirement, and keeps the exit strategy clean and simple. It also ticks all the compliance boxes upper management wants because paid support is available.
Most vendor lock-in is with Microsoft or Nutanix. Least lock-in and easiest exit strategy is with Vanilla OpenStack, SUSE Harvester, Sardina FishOS, Canonical OpenStack.
Then again ... the suits in 40K+ employee companies rarely make the right tech-decisions. So who knows.
It will spill eventually. :)
With the clearance, Cuprina appears to be the only company to have FDA clearance to sell two species of fly larvae—and it’s abuzz with the potential to dominate the global maggot market.
The new species is Lucilia cuprina, or Australian sheep blowfly. It’s a close relative of Lucilia sericata, or the common green bottle fly, which is the fly species most often used for wound therapy, often called biosurgery or maggot debridement therapy (MDT). L. sericata is the only other fly with FDA clearance, which the agency first granted in 2004 to Ronald Sherman, who is now Cuprina’s Medical and Scientific Director. //
The two Lucilia species used in MDT are not considered parasitic. They mainly feast on carrion—though L. cuprina can cause a parasitic infestation in sheep called flystrike. In well-controlled MDT use, they feast only on dead and decaying tissue in wounds.
Perhaps the biggest reason MDT hasn’t taken off is that it’s not backed by solid evidence. While small, low-quality studies have indicated that maggot therapy is safe and effective at wound debridement, robust trials and evidence are lacking. As such, the treatment remains niche and is sometimes seen as a last resort for patients who refuse or are poor candidates for surgical or other standard debridement methods.
The hypothesis behind MDT is appealing if the maggots aren’t. To treat chronic, unhealing wounds, such as diabetic ulcers in the feet and legs, sterilized maggots are placed in the wound and secrete enzymes to liquify necrotic tissue. They then wiggle around to consume the slurry from all the nooks and crannies of a wound, which may be less painful and more efficient than surgical methods that try to slice out necrotic tissue. The maggots are thought to secrete various antibacterial compounds to ward off pathogenic bacteria and block biofilms from forming, overall preventing secondary infection. Finally, the activity of the maggots may also stimulate tissue regrowth. //
While MDT is intended to be a well-controlled treatment with larvae closely monitored and carefully removed at timed intervals, accidental myiasis carries the risk of having the maggots run amok and becoming difficult to extract. When this happens, doctors in California provide a simple solution: using strips of uncooked bacon to entice the maggots out.
This strategy worked for a woman with a poorly managed wound around her ear. After bacon strips were wrapped around her ear for 5 to 10 minutes, the maggots clung to the bacon and could be removed. The doctors note that they aren’t sure why it works—the bacon may block air, forcing the maggots to surface; the fats from the meat may increase their mobility; or the maggots just like bacon.
https://youtu.be/_AwzaZmRNsI?si=U_xxdMVhz9cFyySj
At work we triggered the update using the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\AvailableUpdates set to 0x5944 method; and it honestly went surprisingly well. That said; it's 100% thinkpads and enterprise-line Dells here; and I have the unpleasant suspicion that the 'consumer motherboard that maybe gets an update if AGESA needs to be bumped' segment has some...under-tested DBX update functionality.
We've also had a veritable torrent of WU-delivered UEFI capsule BIOS updates go out; so the OEMs seem to be doing things on their end as well.
Luckily, to the best I've been able to pin anyone down on the question, failure to update just means not being protected according to what secure boot is designed to do, rather than the system just not booting; so we shouldn't have too large an epidemic of random home wintendos just falling over and dying; and realistically home users don't exactly //
just had to check for these in powershell:
$([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023')
and
$([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')
depending on which DB we have it stored (let me know if you know any other place). //
This script works pretty well if you don't know how to do it for yourself, or in your corporate environment. https://github.com/anomixer/Update-SecureBootCert